/hg/icedtea6: Added --no-check-certificate flag to wget command

Jakob Wisor gitne at gmx.de
Wed Oct 9 07:51:29 PDT 2013 

Pavel Tisnovsky wrote:
> ----- Andrew Hughes <gnu.andrew at redhat.com> wrote:
>>
>> ----- Original Message -----
>>> changeset 598a353f5405 in /hg/icedtea6
>>> details:
>>> http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=598a353f5405
>>> author: Pavel Tisnovsky <ptisnovs at redhat.com>
>>> date: Tue Oct 08 09:53:44 2013 +0200
>>>
>>> 	Added --no-check-certificate flag to wget command
>>> 	to allow downloading OpenJDK tarball using https.
>>>
>> Why are you making this change?  I tested and wget downloads the tarball fine.
>> Are you sure this is not a local configuration issue?
> 
> On stock RHEL 5 (default installation) I got the error message that the tarball
> can't be downloaded because of missing/invalid certificate. I think this change
> is harmless, but the question is why do we need to use https which is more time
> consuming on both sides (http server, wget on clients)?

Have you checked the ca store for a missing root certificate? If that's the case 
then I am with Andrew. It's up to the user/developer to keep their ca stores 
up-to-date and sane.

Regards,
Jacob

>>> diffstat:
>>>
>>>  ChangeLog   |  6 ++++++
>>>  Makefile.am |  2 +-
>>>  2 files changed, 7 insertions(+), 1 deletions(-)
>>>
>>> diffs (25 lines):
>>>
>>> diff -r 7ce84f82f817 -r 598a353f5405 ChangeLog
>>> --- a/ChangeLog	Mon Oct 07 23:11:18 2013 +0100
>>> +++ b/ChangeLog	Tue Oct 08 09:53:44 2013 +0200
>>> @@ -1,3 +1,9 @@
>>> +2013-10-08  Pavel Tisnovsky  <ptisnovs at redhat.com>
>>> +
>>> +	* Makefile.am:
>>> +	Added --no-check-certificate flag to wget command
>>> +	to allow downloading OpenJDK tarball using https.
>>> +
>>>  2013-10-07  Andrew John Hughes  <gnu.andrew at redhat.com>
>>>  
>>>  	* NEWS:
>>> diff -r 7ce84f82f817 -r 598a353f5405 Makefile.am
>>> --- a/Makefile.am	Mon Oct 07 23:11:18 2013 +0100
>>> +++ b/Makefile.am	Tue Oct 08 09:53:44 2013 +0200
>>> @@ -1070,7 +1070,7 @@
>>>  	    if [ -e $(OPENJDK_SRC_ZIP) ] ; then \
>>>  	      mv $(OPENJDK_SRC_ZIP) $(OPENJDK_SRC_ZIP).old ; \
>>>  	    fi ; \
>>> -	    $(WGET) $(OPENJDK_URL)$(OPENJDK_SRC_ZIP) -O $(OPENJDK_SRC_ZIP); \
>>> +	    $(WGET) $(OPENJDK_URL)$(OPENJDK_SRC_ZIP) --no-check-certificate -O
>>> $(OPENJDK_SRC_ZIP); \
>>>  	    if ! echo "$(OPENJDK_SHA256SUM)  $(OPENJDK_SRC_ZIP)" \
>>>  	      | $(SHA256SUM) --check ; then \
>>>  	      echo "ERROR: Bad download of OpenJDK zip"; false; \
>>>
>> -- 
>> Andrew :)

More information about the distro-pkg-dev mailing list